Bebo Virus

Itsdacraic

Just a heads up on a nasty piece of spyware doing the rounds via bebo.

It arrives as an email from somebody in your friends list, so it can be easy for people to be fooled into opening. It generally contains a subject like "Lol" or "wow", and then text in the body such as "hey is that you in the video" and there is a link under that. When you click on the link it downloads a Trojan Zlob, hijacks your IE, installs a toolbar and redirects your homepage to a "security" site.

I have received this mail 3 times today from various friends accounts, so I'm assuming once it infects a machine it also sends out mails from your bebo account. I also had 3 machines at work today that had been infected with it.

It can be removed with Smithfraud but it obviously prevention is better than cure.

ayatollah

i actually came on here to issue the same warning.

i had to reinstall windows and am still ahving problems with my laptop.

its a vicious **** of a virus, ahat i would give to get hold of the little bastard that created it.

anyways my anger management issues not withstanding be extremly vigilent with this one.

Quazzie

I know very little about computers and virus removal. I got that mail and like an idiot opened it. I realised instantly that it was a virus then closed it, but I don't know if that was quick enough. How can I check if the virus caught on. I ran AVG system scan and it showed no errors. Does this mean I am safe. I am in work and could get in a load of **** if I downloaded a virus so I wanna make sure. My computer at the time seemed to slow up massivley but I restarted and it now seems fine again. Is there any way of knowing if I have and if I do how can I remove it.

Itsdacraic

Quazzie2002 wrote: »

I know very little about computers and virus removal. I got that mail and like an idiot opened it. I realised instantly that it was a virus then closed it, but I don't know if that was quick enough. How can I check if the virus caught on. I ran AVG system scan and it showed no errors. Does this mean I am safe. I am in work and could get in a load of **** if I downloaded a virus so I wanna make sure. My computer at the time seemed to slow up massivley but I restarted and it now seems fine again. Is there any way of knowing if I have and if I do how can I remove it.

AVG should catch it. It caught it on my mates machine. It also depends what browser you were using at the time you opened it? After you click on the link it brings up a message saying "codec required" or similar it's when you click on this that the virus tries to download. If you didn't get to that stage you should be ok.

In Internet Explorer it will have installed "Security Toolbar 07" and also your home page should have changed to some crappy antivirus company with a pop up prompting you to install there products.

I suppose it might be no harm to run Hijackthis and post up a log file. I wouldn't be the greatest with that though, so someone else here might be able to advise better.

Quazzie

I was using IE8. Like I said I'm technologically challenged so nothing fancy like firefox for me. AVG ran a clean bill of health and my home page is as normal. I'm hoping these are good enough signs. Is it safe to do online shopping even if I had it?

Itsdacraic

Quazzie2002 wrote: »

I was using IE8. Like I said I'm technologically challenged so nothing fancy like firefox for me. AVG ran a clean bill of health and my home page is as normal. I'm hoping these are good enough signs. Is it safe to do online shopping even if I had it?

Do you have adaware or spybot on yuor machine? If so, run one (or both) of these just to be sure that AVG isn't missing anything.

Fad

Firefox wouldn't let me follow the link

Mild suspicion raised when I received a message from a girl I haven't spoken to in months.

Itsdacraic

Fad wrote: »

Firefox wouldn't let me follow the link

Mild suspicion raised when I received a message from a girl I haven't spoken to in months.

It was something other than suspicion was raised when I saw the bird I got it from. She's a cracker!

Itsdacraic

Itsdacraic wrote: »

It was something other than suspicion was raised when I saw the bird I got it from. She's a cracker!

Actaully I'm going to go around telling everyone I got an infection off her!

ayatollah

Zero Spyware seems to find the files.

i went through the program files myself but i dont reccommend you do this unless you know what you're doing!

i've gotten the bebo mail three times since then.

it appears to be a matter of time before everyone gets it.

GrumPy

I got it about 20mins after I read this thread.


:pac:

Quazzie

What are the effects to look for? How will we know we have it without finding it on a scan, because I'm hearing that not all scans pick it up. Can someone stick a link up to a free scan program that does pick it up?

seamus

For one variant anyway, you'll see the attached message in your system tray, complete with spelling mistakes. Obviously, don't click the bubble or install anything that it prompts you to.

I would imagine that up-to-date AVG or Avast would pick it up, as would spybot or ad-aware.

Facebook as far as I can see blocks these links now telling you that they're malicious.

Quazzie

I know legal talk is a big no no but are the social networking sites i.e bebo/facebook/myspace etc etc in any way legally accountable for any damage caused by these viruses spread by their emailing system. I'd imagine no but its always been something I've wondered

AlmightyCushion

Doubtful unless they actually host or create the virus.

Saruman

seamus wrote: »

For one variant anyway, you'll see the attached message in your system tray, complete with spelling mistakes. Obviously, don't click the bubble or install anything that it prompts you to.

I would imagine that up-to-date AVG or Avast would pick it up, as would spybot or ad-aware.

Facebook as far as I can see blocks these links now telling you that they're malicious.

I know this one very well, i remove it off so many computers i have lost count. I even managed to get it myself, using firefox one day. Only had it for about 10 mins but i know that if it goes untreated, you can lose the ability to view network shares (except mapped drives) and you no option but to format. Even a repair windows install does not fix it.

If you get it, use the smitfraud fix software then install malwarebytes, update it and run a scan. It should get rid. Hijack this is great if you know how to use it too.

phantom_lord

bleh, i was half asleep and i opened it this. i only have the old 7.0 avg on my laptop, but i installed the new version, ran a scan and removed two viruses, plus i ran spybot, but that came up clean. am i ok, or should i install some of the programs mentioned here?

skerryman

Someone opened one of these nasty mails on my laptop two days ago, now "coincidentally" I get a BSOD today and my laptop is screwed by the looks of things. Once I boot up it goes straight to 'Startup Repair' and will not pass this test due to corrupt files or something. Does anyone out there know how I can remove this bugger or somehow retrieve my data before I do the dreaded system restore.

P.S. I hope the people that spread these viruses get a real virus, I think Ebola would suffice.

Nerin

AlmightyCushion wrote: »

Doubtful unless they actually host or create the virus.

They should at least put a notice up. I got two of these mails. Warned my friends,but bebo should put an announcement out.

Sherifu

I have the best protection I can get: no bebo account

Sounds like a nasty fecker.

GrumPy wrote: »

I got it about 20mins after I read this thread.


:pac:

Lol.

skerryman

skerryman wrote: »

Someone opened one of these nasty mails on my laptop two days ago, now "coincidentally" I get a BSOD today and my laptop is screwed by the looks of things. Once I boot up it goes straight to 'Startup Repair' and will not pass this test due to corrupt files or something. Does anyone out there know how I can remove this bugger or somehow retrieve my data before I do the dreaded system restore.

P.S. I hope the people that spread these viruses get a real virus, I think Ebola would suffice.

Also I have Ad Aware and Avast and ran both numerous times in the last two days but nothing was picked up.

Any suggestions people??

Sherifu

skerryman wrote: »

Also I have Ad Aware and Avast and ran both numerous times in the last two days but nothing was picked up.

Any suggestions people??

Safe mode.
Rescue cd.

I'd advise a lot of researching and searching, maybe someone in your situation has already found a way to nuke it.

AlmightyCushion

The people who make these things are scum.

skerryman

Sherifu wrote: »

Safe mode.
Rescue cd.

I'd advise a lot of researching and searching, maybe someone in your situation has already found a way to nuke it.

Thanks for your reply, tried to enter safemode but no joy, ran chkdsk but came up with nothing. Have restore CD's but they just have OS and no personal data. Hopefully be able to retrieve personal data before I have to resort to that.

Mellyj78

I had been warned about the virus but before I could warn my friends a few of them had recieved the message- one of them had been charging her i-pod at the time- since trying to open the link her internet access has been affected and her i-pod will not switch on?? I have advised her about downloading an anti virus to help her pc but can we assume her i-pod problem is not related or is it i-pod heaven??? Please help :eek:

jonnygee

Does anyone know if the windows malicous software removal tool can fix this.

Standard Toaster

Fad wrote: »

Firefox wouldn't let me follow the link

Same here

Sherifu

skerryman wrote: »

Thanks for your reply, tried to enter safemode but no joy, ran chkdsk but came up with nothing. Have restore CD's but they just have OS and no personal data. Hopefully be able to retrieve personal data before I have to resort to that.

Get this or a linux live cd and an external hard drive so you can back up your data. Then reinstall if you can't find another way. Pain in the balls tbh.

Saruman

If you are quick enough, a windows XP system restore back a few weeks will put you back before the infection loads, then you can scan and remove it.

Dartz

The idiot downstairs clicked it. Kaspersky nabbed it before it could do any harm. Saves me having to clean it up for another few weeks.

tomisboe

Hi i'm new and i got this happen to me last night, i've installed Avg 8 and it got rid of 2 things, but it's still on my pc, i was wondering i have internet explorer 6 and if i installed firefox would the virus affect it or just internet explorer 6, and also i installed xoftspyse and it found the threats but i have to pay, is there another way to get rid of the virus without paying? many thanks.

coolarama

Hi, I spent ages trying to rid this virus from a friends computer, I did scans with lots of spyware, malware, antivirus programs and even though they all found threats none of them removed the virus. Following advice from heresjonny30 here I did a search for files modified on the date that the virus was downloaded. I noticed that MSXML 6.0 was installed in C:\Program Files\ around the time of the virus was installed. I'm sure exactly what MSXML is but it is supposed to be a legit microsoft tool, but I removed it anyway (I was thinking either this was the virus or else that the virus needs this to run). Anyway this did the trick for me and now the internet is working fine again. Also just to note the symptoms of the virus were that it kept changing firefox and IE proxy settings to 127.0.0.1.

Sherifu

coolarama wrote: »

Hi, I spent ages trying to rid this virus from a friends computer, I did scans with lots of spyware, malware, antivirus programs and even though they all found threats none of them removed the virus. Following advice from heresjonny30 here I did a search for files modified on the date that the virus was downloaded. I noticed that MSXML 6.0 was installed in C:\Program Files\ around the time of the virus was installed. I'm sure exactly what MSXML is but it is supposed to be a legit microsoft tool, but I removed it anyway (I was thinking either this was the virus or else that the virus needs this to run). Anyway this did the trick for me and now the internet is working fine again. Also just to note the symptoms of the virus were that it kept changing firefox and IE proxy settings to 127.0.0.1.

Nasty.

yoyo

A MBam scan in safe mode should remove this crap

Nick

ayatollah

i ran avg a few times and it never picked up on it

zero spyware helped me find the components

also if you have ashampoo it will delete some of the cookies for you.

this is a woeful <unt of a virus altogether.

you could always use the system restore function.

if you have XP there should be a restore checkpoint set everyday!

hope this helps.

i have since received the bebo mail about another 5 or 6 times since which leads me to believe that most of my friends have suffered the same fate.

and to the poster who said that bebo should warn people about this, your dead right and they should be tracking down the source and bringing legal action against them.

Bob the Builder

bebo is now reporting links as a virus (since this morning)
Safe Link to the warning message.

Virus is relatively new signature of an older one, so update your anti-virus, disconnect from the internet, and save all important files to a memory stick or dvd as soon as you can.

Change startup items(i usually find that ccleaner is good for this sort of stuff), and remove whatever you don't need from the startup list OR go to your start menu and either search for(in vista) or Run...(in windows) an application(already on your computer) called 'msconfig'. (Be careful in here, at your own risk), set it to diagnostic startup mode, restart your PC. This will ultimately just freeze the virus and give you an opportunity to carry out the anti-virus scan.

Up until three days ago, AVG did not even have anti-virus protection against this particular 'signature'. However, when I was taking anti-virus off someone's computer before that, Avast(www.avast.com) found the virus in a matter of seconds in the system32 folder.

Quote from heresjonny30:

heresjonny30 wrote: »

I found a file called algg.exe in this folder: c:\windows\system32, there is another file next to it called alg.exe but this is a safe file. Check the date modified for the file, and it should match the date and time that you clicked the link. delete the algg.exe if you can but malware bytes will/should pick it up. Its also worth sorting this folder by date modified and ditching other files modified at around this time. A couple of other files I deleted had random numbers and letters making up the file name.

After running the malwarebyte scan I also ran my virgin virus scanner everything came back clean. I usually run this in "on access mode"

Hope this helps, also worth clearing all you internet cookies and temp files. Change your passwords once your machine is clean. Clear you recycle bin.

And people are asking why viruses are created. Thats because viruses create money for the people that make them. Norton International, AVG, Avast, and other antivirus companies are huge companies that depend on fear of viruses for money, and people like me fix people's computers after other people make and distribute viruses. Other people get satisfaction out of exploiting holes in technology because they're so socially inept, they cannot get any other holes.

My recommendation is to use Google Chrome or Mozilla Firefox as your default browser rather than Internet Explorer. They have malicious website detectors. Also use Avast Anti-virus. It's ugly, but the free version has more features than it's counterparts (AVG), such as more comprehensive scanning, and on-access, live scanning. And when using Bebo, detect reality; a lad isn't going to write OMG title, followed by one line saying your an idiot followed by a link to a polish website.

Sherifu

nevf wrote: »

Other people get satisfaction out of exploiting holes in technology because they're so socially inept, they cannot get any other holes.

Lolol, best description of hackers ever.

AlmightyCushion

Sherifu wrote: »

Lolol, best description of hackers ever.

I was just about to say that, gave me a good laugh.

any worries for mac users?

mp3guy

Deleted User wrote: »

any worries for mac users?

If it's a phishing site yep, those are OS independent.

Bob the Builder

Thank you AC and Sherifu.

Deleted User wrote: »

any worries for mac users?

No, but there's worries for people who have Bebo accounts.

You aren't going to get a virus on your mac(it will only run on windows), but if you enter your bebo details, then you're literally sending other people the virus.

Bit of caution and common sense, and you won't go too far wrong.

Nerin

AlmightyCushion wrote: »

I was just about to say that, gave me a good laugh.

biki'd

Sharpshooter656

got a message from 4 of my friends saying there is a video with you in it and a link to the video. lucky enough i didnt open but when i asked my friends they said they didn't send it do not open any messages like this or else your computer may get a virus, or at least get hacked...

supersub14

hi, my internet wont work now cos of the bebo virus. My sister stupidly clicked on the link to the video while the firewall and antivirus was down.

I have run the following programs in this order and i seem to have removed the all virus files:

avgfree v8.0
Smitfraud Fix
Malwarebytes
Ccleaner

However, everytime i load up internet explorer now it says "internet explorer cannot display the webpage". I am on a wireless home network but all the other laptops and desktop pcs work ok so i know its just on this computer??

Can anyone help??

Cheers

supersub14

i forgot to say,

i cant seem to do a system restore as there arent any saved on dates before i got the virus. Goddammit...

skerryman

Same thing happened to me (see my post last page). Someone clicked link, got virus, internet slowed way down, next thing BAM BSOD, laptop crashed.

Just burned Ubuntu CD, booted from CD and am now saving my data onto external HD before I do a restore to factory settings.

No previous restore points showed up for me either. Pain in the ass but at least I didn't lose all my data.

supersub14

my laptop didnt crash. i was still able to shut it down ok. all that happened was a lot of IE browser windows opened up trying to take me to a antivirus website.

the virus seems to have changed my internet settings (if thats possible) and even though im still connecting to my wireless router ok it wont load up webpages?

Any help??

Sherifu

supersub14 wrote: »

my laptop didnt crash. i was still able to shut it down ok. all that happened was a lot of IE browser windows opened up trying to take me to a antivirus website.

the virus seems to have changed my internet settings (if thats possible) and even though im still connecting to my wireless router ok it wont load up webpages?

Any help??

Has it changed your proxy settings?

homerun_homer

supersub14 wrote: »

my laptop didnt crash. i was still able to shut it down ok. all that happened was a lot of IE browser windows opened up trying to take me to a antivirus website.

the virus seems to have changed my internet settings (if thats possible) and even though im still connecting to my wireless router ok it wont load up webpages?

Any help??

I downloaded a malware scanner for free which would remove any virus' picked up. I think this may be it but will try and confirm and get back to you.

http://www.malwareremovalbot.com/?hop=congoman&gclid=CN7x_eHZ3ZYCFQZeswod_R_33A

Last night I got the same virus, ran a full scan(I had to cancel this after an hour as battery was dieing), removed the findings, rebooted and did a quick scan and removed everything else. Laptop was back to normal then.

supersub14

Sherifu wrote: »

Has it changed your proxy settings?

How can i tell if they've been changed? (i can find my way around a computer but im not an expert by any means lol)

Itsdacraic

supersub14 wrote: »

How can i tell if they've been changed? (i can find my way around a computer but im not an expert by any means lol)

in IE, go to Tools>Internet Options>Connections Tab, you may need to click into a LAN settings button then and this will show you your proxy settings.